Scientific Linux Fermi 6.1 Release i386/x86_64 December 14, 2011 --------------------------------------------------------------------------- Please enter bug reports (not questions) to https://slfbugs.fnal.gov . Login is via your Services account/password. Also read the Upstream Vendor release notes . They are located in sl-release-notes/. Also read the SL.releasenote for changes between SL and TUV(The Upstream Vendor). ---------------------------------------------------------------------------- This is based on the rebuilding of RPMS out of SRPMS's that form Scientific Linux. Please read this entire document before installing. Table of contents INSTALLATION INFO ADDED compared to Scientific Linux 6.1 UPDATED compared to Scientific Linux 6.1 REMOVED compared to Scientific Linux 6.1 Installer modifications /contrib /docs /notsupported MISC Notes HARDWARE SPECIFIC ISSUES SOFTWARE ISSUES/BUGS SUPPORT INFO vendor ERRATA Each has a "---" line above and below it. _____________________________________________________________________________ INSTALLATION INFO _____________________________________________________________________________ Installation Locations Via NETWORK: NOTE the http choice is done automatically for network install image nfs: linux.fnal.gov:/export/linux/fermi/slf6.1/i386/os/ linux.fnal.gov:/export/linux/fermi/slf6.1/x86_64/os/ ftp: linux.fnal.gov/linux/fermi/slf6.1/i386/os/ linux.fnal.gov/linux/fermi/slf6.1/x86_64/os/ http: linux1.fnal.gov/linux/fermi/slf6.1/i386/os/ linux1.fnal.gov/linux/fermi/slf6.1/x86_64/os/ VIA ISO DVD iso image: ftp://linux1.fnal.gov/linux/fermi/slf6.1/i386/iso/*DVD* ftp://linux1.fnal.gov/linux/fermi/slf6.1/x86_64/iso/*DVD* network install via boot.iso wget ftp://linux1.fnal.gov/download/slf6.1/network.install.i386/ wget ftp://linux1.fnal.gov/download/slf6.1/network.install.x86_64/ And our easy to remember location ftp://linux.fnal.gov/downloads/slf6.1/ When installing SLF 6.x as a Xen Paravirtualized Guest the installation location is http://linux1.fnal.gov/linux/fermi/slf6x//os/ ----------------------------------------------------------------------------- ADDED compared to Scientific Linux 6.1 i386/x86_64 ----------------------------------------------------------------------------- slf-release-6.1-2 Provide /etc/yum.repos.d/slf.repo . This repo includes entries for slf , slf-updates and slf-source. The repos slf and slf-updates are enabled by default. Fixed typo in /etc/yum.repos.d/slf.repo . Missing "Fermi" in reponame. Add missing gpg key to sl-source in /etc/yum.repos.d/slf.repo slf-bookmarks-6-1.slf6 Customized for SLF slf-release-notes Places Fermi.releasenote in html format in /usr/share/doc/slf-release-notes-6.1/ alpine Now available Clam Anti Virus Clam Anti-Virus. Obtained from the EPEL repository and rebuilt from src.rpm. http://www.clamav.net clamav-0.97-13.el6 clamav-db-0.97-13.el6 clamav-devel-0.97-13.el6 clamav-milter-0.97-13.el6 clamd-0.97-13.el6 drbd drbd83-utils-8.3.10-1.el6 kmod-drbd83-8.3.10-2.el6 DRBD mirrors a block device over the network to another machine. Think of it as networked raid 1. It is a building block for setting up high availability (HA) clusters. flpr Installed by default. This does NOT require ups/upd. The flpr binary will reside in /usr/local/bin/ flpr heartbeat heartbeat is a basic high-availability subsystem for Linux-HA. It will run scripts at initialization, and when machines go up or down. This version will also perform IP address takeover using gratuitous ARPs. It supports "n-node" clusters with significant capabilities for managing resources and dependencies. heartbeat-3.0.4-1.el6 heartbeat-devel-3.0.4-1.el6 heartbeat-libs-3.0.4-1.el6 libnet-1.1.4-3 libnet-devel-1.1.4-3 Fermi Kerberos krb5-fermi-config-4.1-2 krb5-fermi-krb5.conf-4.1-2 krb5-fermi-getcert-1.1-2.slf6 krb5-fermi-base-2.1-12 krb5-fermi-addons-1.2-13.slf6 Note the krb5-fermi-addons rpm does NOT contain a "aklog" that supports compound principles. If after upgrading krb5-fermi-base or krb5-fermi-addons the symbolic links that point from /usr/krb5/bin,sbin are missing they can be restored by yum reinstall krb5-fermi-addons krb5-fermi-base krb5 TUV krb5 1.9-9 client does not work with FNAL Kerberos TUV bugzilla number 713518 . The above issue was fixed by a update in krb5*1.9.el6_1.1 from TUV. A new bug was found with kadmin. A patch from the MIT Kerberos code repository was added. http://krbdev.mit.edu/rt/Ticket/Display.html?id=6920 TUV bugzilla number 713252 for i386 krb5-devel-1.9-9.el6_1.2.slf.i686.rpm krb5-server-1.9-9.el6_1.2.slf.i686.rpm krb5-libs-1.9-9.el6_1.2.slf.i686.rpm krb5-server-ldap-1.9-9.el6_1.2.slf.i686.rpm krb5-pkinit-openssl-1.9-9.el6_1.2.slf.i686.rpm krb5-workstation-1.9-9.el6_1.2.slf.i686.rpm for x86_64 krb5-devel-1.9-9.el6_1.2.slf.i686.rpm krb5-devel-1.9-9.el6_1.2.slf.x86_64.rpm krb5-libs-1.9-9.el6_1.2.slf.i686.rpm krb5-libs-1.9-9.el6_1.2.slf.x86_64.rpm krb5-pkinit-openssl-1.9-9.el6_1.2.slf.x86_64.rpm krb5-server-1.9-9.el6_1.2.slf.x86_64.rpm krb5-server-ldap-1.9-9.el6_1.2.slf.i686.rpm krb5-server-ldap-1.9-9.el6_1.2.slf.x86_64.rpm krb5-workstation-1.9-9.el6_1.2.slf.x86_64.rpm openafs-thiscell-FNAL Defines FNAL.GOV for openafs. SLIP Scientific Linux Inventory Project client ocsinventory-fermi formerly ocsinventory-client Updated to find Config.pm and strict.pm Modified the /etc/cron.daily/z_ocs.inventory.client.cron file changing "ifconfig" to "ip addr" so that infiniband works upsupdbootstrap Not installed by default. There are only 2 rpms now. upsupdbootstrap has been incorporated into each of the rpms below . Only can select 1. The x86_64 install has a "requires" for the 32bit glibc as all of ups/upd is 32bit. This the 32bit glibc is installed during the install. As always these rpms have NO functionality to OVERWRITE or UPGRADE a existing UPS/UPD install. Use UPS/UPD to upgrade UPS/UPD. A default x86_64 bit install does not install any 32 bit libraries These upsupdbootstrap* rpms have a dependency on glibc.i686 and compat-libtermcap to accomadate the library dependencies of all the ups/upd bootstrap installed packages. If other ups/upd packages are installed later then these need to be checked to make sure all 32 libraries are installed too. Use "ldd" to help with this determination. upsupdbootstrap-fnal-6.0-2 conflicts with upsupdbootstrap-local Installs ups/upd to /fnal/ups upsupdbootstrap-local-6.0-2 conflicts with upsupdbootstrap-fnal Installs ups/upd to /local/ups yum-conf-slf6x-1-2.slf6 Will keep you at 6x which is the current stable 6x release. So when we release the next 5 release yum will automatically yum install it except for the kernel. yum-conf-fermi-internal Adds the fermi-internal yum repository yum-conf-fermi-internal yum-conf-fermi-other-6-5 Improved security of for fermi-testing and slf-debuginfo Provides slf-fastbugs, fermi-testing and slf-debuginfo via /etc/yum.repos.d/slf-other.repo All of these repo's are disabled by default. yum-autoupdate-2-6.slf Added missing dependencies Improved security of fermi-addons repo yum-autoupdate has the nightly yum cron job in it. The nightly cron job has been modified to check the addons directory. zz_alpine_user_domain replaces zz_pine_user_domain By default when a user sends mail from alpine their email address is myname@mycomputer.fnal.gov. This rpm changes it so that the default is myname@fnal.gov by modifying the /etc/pine.conf config file. zz_auto_update_kernel Remove the exclude of the kernel from the nightly autoyum thus allowing the kernel to be upgraded via the nightly yum. Note that this does not check if you have custom kernel modules or a custom kernel installed. You have to ensure that this will work in your environment. You will have to reboot after the kernel is upgraded. The rpm does NOT reboot the system. Watch root email for notification of all nightly auto yum updates. zz_dhcp_resolv Removed compared to SL 5.x as not needed anymore. zz_disable_avahi This will turn off and disable the avahi daemons Now installed by default in both the "Fermi Desktop" and "Fermi Server" install choices. zz_enable_firewall_fnal Not installed by default. Available if needed. Enables and populates /etc/sysconfig/iptables to allow incoming network connections for fnal.gov only except for a small list of approved ports. Installed by default if "Fermi Generic Desktop" or "Fermi Generic Server" are selected. zz_fermi_ssh_config Provides fermi kerberized /etc/ssh/ssh_config file. Installed by default. Triggered on installation of openssh-clients . The order of entries in the config file was also incorrect previously but /etc/ssh/ssh_config should be fixed after installing this package. Tickets were not forwarding for unqualified hosts prior to this update. zz_fermi_sshd_config Provides fermi kerberized /etc/ssh/sshd_config file. Installed by default. Triggered on installation of openssh-server . zz_gdm_doe_banner Provides the Fermi DOE Banner on all GDM login windows. This should be installed on all on-site systems using GDM per DOE policy. zz_gdm_no_user_list Prevents GDM from displaying a list of valid users. This sets the same behavior as the default on previous versions of SLF. zz_lang_collate Changes LANG so that sorting is done the same as 6.1 and earlier. (ABCabc instead of AaBbCc). Can speed up programs that sort. zz_local_dns_cache This rpm will change your machine to use a local dns cache before looking for the standard dns servers Converted to a trigger based more robust configuration zz_logwatch_df Not needed anymore. zz_ntp_configure Configure ntp for Fermi site network. Installed by default for "Desktop" and "Server" installs. Startup script now pokes hole in the firewall for itself One can manually change the script by editing the file /etc/sysconfig/ntpd.fermi zz_screenlock_kde Enables screen lock with "blanking" screen saver so power saving monitors will go into sleep mode. Ensures that the Timeout value is 10 minutes or less. Installed by default with KDE . Note that KDE is not the default desktop. zz_sendmail_accept zz_postfix_accept Replaces SL_sendmail_accept . Enabled postfix or sendmail to receive email for non localhost network addresses. zz_sendmail_fermi_gateway-2.1-2 zz_postfix_fermi_gateway-1.1-1 The zz_postfix_fermi_gateway rpm was fixed to change the RELAY parameter to be smtp.fnal.gov. zz_sendmail_fermi_gateway modified to be smtp.fnal.gov zz_sendmail_fermi_gateway fixed to restore old status correctly zz_tcp_wrappers_change Disable all offsite access to common network services. Also puts in the "DOE required login banners". If it determines that you have already modified /etc/hosts.allow or host.deny it leaves them alone. Installed by default for "Desktop" and "Server" installs. zz_use_clogger Change /etc/rsyslog.conf to log to clogger.fnal.gov Installed by default for "Desktop" and "Server" installs. --------------------------------------------------------------------------- UPDATED compared to Scientific Linux 6.1 i386/x86_64 ---------------------------------------------------------------------------- live tools Updated to point to 6.1 livecd-tools-13.3-6.sl6 liveusb-creator-3.11.4-6.1.sl6 python-imgcreate-13.3-4.el6 pam_krb5 pam_krb5 has NOT been updated to support cryptocards. There is NO support for cryptocards in this release. redhat-logos Updated with the graphics from SL 6.1 This version of redhat-logo's has all of the generic changes that were made with Scientific Linux as well as changes to make it look like SLF. yum-conf-adobe Added this metapackage which will install the 32 or 64 bit repo depending on your system. yum-conf-atrpms yum-conf-elrepo yum-conf-epel yum-conf-rpmforge Installs the repo files for these external repos. However, the repos remain disabled and a few packages have been masked to prevent their installation as they conflict with ones we provide. ----------------------------------------------------------------------------- REMOVED compared to Scientific Linux 6.1 i386/x86_64 ----------------------------------------------------------------------------- revisor-mock sl-release ---------------------------------------------------------------------------- Installer modifications -- compared to SL 6.1 --------------------------------------------------------------------------- Anaconda (installer) Changes to "defaults" in the installer. US/Central is default timezone. Default was New York. Kerberos is enabled by default . Default network boot.iso install is via http to the onsite installation servers . Disk Partitioning layout default is "custom". The ipv4 vs ipv6 default was changed to ipv4. ipv6 can still be selected if needed. We changed the default choice for "tasks" to be "Fermi Generic Desktop" and "Fermi Generic Server" . The boot.iso image installs the security errata by default. The DVD iso images have the option to select that security errata are installed by default. --------------------------------------------------------------------------- KNOWN LIMITATIONS/BUGS --------------------------------------------------------------------------- "text" install only installs "minimum". There is no X . This is a VERY limited install. If there is not "enough" memory the kdump "first boot" screen will pop up a "error box". This "error" looks "bad" but it is just informational. During a network install there is a "screen" that displays the "installation" repositories. There is no need to disable any of these. Please DO NOT disable any of these repos. Note that updates are only between the same major version. So in this case that is SLF 6 to SLF 6. This is the same as TUV. There are NO UPGRADES from SLF 4 or 5 to SLF 6 , not even yum upgrades !!!! If you enter a "hostname" during the install and you have selected "dhcp" the "hostname" will be what is returned by the "hostname" command but this will NOT set DHCP_HOSTNAME to this "hostname" as happened on SLF 5. To enable dhcp hostname edit /etc/sysconfig/network-scriptsifcfg-. Add DHCP_HOSTNAME=. --------------------------------------------------------------------------- MISC NOTES --------------------------------------------------------------------------- --------------------------------------------------------------------------- SUPPORT INFO --------------------------------------------------------------------------- Scientific Linux Fermi web pages http://fermilinux.fnal.gov/ Scientific Linux Fermi BUGZILLA https://slfbugs.fnal.gov/ Fermi Linux Community support mailing list linux-users@fnal.gov Which is archived at http://listserv.fnal.gov/archives/linux-users.html Scientific Linux web page http://www.scientificlinux.org ------------------------------------------------------------------------------ SECURITY ERRATA RELEASED AFTER SL6.1 was released ------------------------------------------------------------------------------ Security errata will not be placed in the default install tree as has been done with prior releases of Scientific Linux Fermi. They will only reside in the updates/security/ directory. The boot.iso "network install iso" will install all available security errata during the install unless you disable the security repo during the install. The DVD images do NOT install security errata during the install by default because the network is not available. If you enable the "Scientific Linux Fermi Security" repo on the "repo" screen then security errata will be installed assuming the network is available. You will have to do a "yum -y update" after the installation via DVD to install all the security errata if you did not enable the network and the "Scientific Linux Fermi Security" repo during the install.